BTCPay Server v2.0.6 Release

Written By Bitesize Bitcoin

BTCPay Server, an open-source Bitcoin payment processor, recently released version v2.0.6, introducing important updates and fixes. This release, announced by lead contributor Nicolas Dorier, focuses on critical security improvements, bug fixes, and new features aimed at enhancing user experience and merchant functionality.

Security Fixes

The release addresses a critical security vulnerability affecting merchants using On-Chain refunds/pull payments with automated payout processors:

Duplicate payouts prevention: A bug that could result in duplicate payouts in certain On-Chain configurations has been resolved. While BTCPay Server's team could not reproduce the issue in their environments, the reporting merchant confirmed the problem was resolved after applying the fix. Merchants are advised to update immediately to avoid potential exploits.

New Features

SEO Enhancements for Crowdfund and Point of Sale (PoS):

Merchants can now customize HTML meta tags and the HTML lang attribute for their crowdfund and PoS pages. (PR #6229 by @Nisaba)

Manual Transition of Payout States:

A new option allows merchants to manually transition a payout from the InProgress state to AwaitingPayment, improving control over payout workflows. (PR #6564 by @NicolasDorier)

Bug Fixes

The release includes a range of critical and minor bug fixes:

Custom Email Server Reset: Merchants can now reset custom email server settings if needed. (PR #6547/#6546 by @dennisreimann)

Custom CSS URL Issue: Resolved a problem where the store’s custom CSS URL was not applied correctly. (PR #6555/#6554 by @dennisreimann)

Migration Bugs:

Fixed issues during migration from v1 to v2, especially for very old instances. (PR #6551 by @NicolasDorier)

Addressed problems for users who previously utilized the old ETH integration. (PR #6539 by @NicolasDorier)

API Fixes:

Corrected the GET v1/stores/{storeId}/payment-methods/{paymentMethod} route, ensuring the enabled property reflects the correct state when the onlyEnabled query parameter is passed. (PR #6570)

Updated the PUT v1/stores/{storeId}/payment-methods/{paymentMethod} route to properly handle documented configuration payloads for On-Chain payment methods. (PR #6570)

UI and Dashboard Improvements:

Fixed side menu scrolling issues on Firefox for Android. (PR #6548/#6552 by @dennisreimann)

Corrected the Lightning balance display for very small amounts on the dashboard. (PR #6573 by @dennisreimann)

Improvements

Several enhancements were made to improve usability and extend BTCPay Server's features:

Shopify Integration Deprecation Notice:

Added a warning about Shopify deprecating the legacy integration and provided a link to a new plugin. (PR #6559 by @TChukwuleta)

PayJoin Relaxation:

Updated rules in line with changes to the BIP78 specification for PayJoin transactions. (PR #6561 by @NicolasDorier)

Rate Provider for CAD:

Kraken was added as the default rate provider for Canadian Dollar conversions. (PR by @NicolasDorier)

Wallet UI Enhancements:

Introduced tooltips and links to pull-payment tags in the transaction list for better navigation. (PR #6562 by @NicolasDorier)

Plugin Extensibility:

Checkout Cheat Mode is now extensible via plugins, enabling more customization. (PR #6543 by @NicolasDorier)

iFrame Support:

Allow receipts to be shown in an iframe while optionally hiding the "back to store" link for a cleaner experience. (PR #6574 by @dennisreimann)

Recommendations

Merchants are strongly encouraged to update to v2.0.6 as soon as possible to apply the critical security fixes. Beyond security, this release introduces valuable features and bug fixes that enhance both the backend and frontend user experience.

For full details, visit the BTCPay Server GitHub repository.

Bitesize Bitcoin

Previous

The Prosecution of Roman Storm: A Critical Moment For Software Development
Next

President Trump Pardons Silk Road Founder Ross Ulbricht